WIP blaze frontend

2025-06-16 21:50:14 +02:00 · 2024-05-28 14:14:36 +02:00
66 changed files with 158 additions and 1212 deletions
--- a/.github/scripts/rename_inactive_branches.py
+++ b/.github/scripts/rename_inactive_branches.py
@ -1,39 +0,0 @@
 import os
 import requests
 from datetime import datetime, timedelta
 # Configuration
 GITHUB_TOKEN = os.getenv('GITHUB_TOKEN')
 REPO = 'samply/bridgehead'
 HEADERS = {'Authorization': f'token {GITHUB_TOKEN}', 'Accept': 'application/vnd.github.v3+json'}
 API_URL = f'https://api.github.com/repos/{REPO}/branches'
 INACTIVE_DAYS = 365
 CUTOFF_DATE = datetime.now() - timedelta(days=INACTIVE_DAYS)
 # Fetch all branches
 def get_branches():
    response = requests.get(API_URL, headers=HEADERS)
    response.raise_for_status()
    return response.json() if response.status_code == 200 else []
 # Rename inactive branches
 def rename_branch(old_name, new_name):
    rename_url = f'https://api.github.com/repos/{REPO}/branches/{old_name}/rename'
    response = requests.post(rename_url, json={'new_name': new_name}, headers=HEADERS)
    response.raise_for_status()
    print(f"Renamed branch {old_name} to {new_name}" if response.status_code == 201 else f"Failed to rename {old_name}: {response.status_code}")
 # Check if the branch is inactive
 def is_inactive(commit_url):
    last_commit_date = requests.get(commit_url, headers=HEADERS).json()['commit']['committer']['date']
    return datetime.strptime(last_commit_date, '%Y-%m-%dT%H:%M:%SZ') < CUTOFF_DATE
 # Rename inactive branches
 def main():
    for branch in get_branches():
        if is_inactive(branch['commit']['url']):
            #rename_branch(branch['name'], f"archived/{branch['name']}")
            print(f"[LOG] Branch '{branch['name']}' is inactive and would be renamed to 'archived/{branch['name']}'")
 if __name__ == "__main__":
    main()
--- a/.github/workflows/rename-inactive-branches.yml
+++ b/.github/workflows/rename-inactive-branches.yml
@ -1,27 +0,0 @@
 name: Cleanup - Rename Inactive Branches
 on:
  schedule:
    - cron: '0 0 * * 0'  # Runs every Sunday at midnight
 jobs:
  archive-stale-branches:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'
      - name: Install Libraries
        run: pip install requests
      - name: Run Script to Rename Inactive Branches
        run: |
          python .github/scripts/rename_inactive_branches.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/README.md
+++ b/README.md
@ -34,7 +34,7 @@ This repository is the starting point for any information and tools you will nee
 ## Requirements
-The data protection officer at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts:
+The data protection group at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts:
 - [Germany](https://www.bbmri.de/biobanking/it/infrastruktur/datenschutzkonzept/)
@ -46,8 +46,6 @@ Hardware requirements strongly depend on the specific use-cases of your network
 - 32 GB RAM
 - 160GB Hard Drive, SSD recommended
 We recommend using a dedicated VM for the Bridgehead, with no other applications running on it. While the Bridgehead can, in principle, run on a shared VM, you might run into surprising problems such as resource conflicts (e.g., two apps using tcp port 443).
 ### Software
 You are strongly recommended to install the Bridgehead under a Linux operating system (but see the section [Non-Linux OS](#non-linux-os)). You will need root (administrator) priveleges on this machine in order to perform the deployment. We recommend the newest Ubuntu LTS server release.
@ -202,7 +200,7 @@ sudo systemctl [enable|disable] bridgehead@<PROJECT>.service
 After starting the Bridgehead, you can watch the initialization process with the following command:
 ```shell
-/srv/docker/bridgehead/bridgehead logs <project> -f
+journalctl -u bridgehead@bbmri -f
 ```
 if this exits with something similar to the following:
@ -222,9 +220,8 @@ docker ps
 There should be 6 - 10 Docker proceses. If there are fewer, then you know that something has gone wrong. To see what is going on, run:
 ```shell
-/srv/docker/bridgehead/bridgehead logs <Project> -f
+journalctl -u bridgehead@bbmri -f
 ```
 This translates to a journalctl command so all the regular journalctl flags can be used.
 Once the Bridgehead has passed these checks, take a look at the landing page:
@ -238,7 +235,7 @@ You can either do this in a browser or with curl. If you visit the URL in the br
 curl -k https://localhost
 ```
-Should the landing page not show anything, you can inspect the logs of the containers to determine what is going wrong. To do this you can use `./bridgehead docker-logs <Project> -f` to follow the logs of the container. This transaltes to a docker compose logs command meaning all the ususal docker logs flags work.
+If you get errors when you do this, you need to use ```docker logs``` to examine your landing page container in order to determine what is going wrong.
 If you have chosen to take part in our monitoring program (by setting the ```MONITOR_APIKEY``` variable in the configuration), you will be informed by email when problems are detected in your Bridgehead.
@ -301,19 +298,19 @@ Once you have added your biobank to the Directory you got persistent identifier
 The Bridgehead's **Directory Sync** is an optional feature that keeps the Directory up to date with your local data, e.g. number of samples. Conversely, it also updates the local FHIR store with the latest contact details etc. from the Directory. You must explicitly set your country specific directory URL, username and password to enable this feature.
 You should talk with your local data protection group regarding the information that is published by Directory sync.
 Full details can be found in [directory_sync_service](https://github.com/samply/directory_sync_service).
 To enable it, you will need to set these variables to the ```bbmri.conf``` file of your GitLab repository. Here is an example config:
 ```
 DS_DIRECTORY_URL=https://directory.bbmri-eric.eu
 DS_DIRECTORY_USER_NAME=your_directory_username
-DS_DIRECTORY_USER_PASS=your_directory_password
+DS_DIRECTORY_USER_PASS=qwdnqwswdvqHBVGFR9887
 DS_TIMER_CRON="0 22 * * *"
 ```
-Please contact your National Node to obtain this information.
+You must contact the Directory team for your national node to find the URL, and to register as a user.
-Optionally, you **may** change when you want Directory sync to run by specifying a [cron](https://crontab.guru) expression, e.g. `DS_TIMER_CRON="0 22 * * *"` for 10 pm every evening.
+Additionally, you should choose when you want Directory sync to run. In the example above, this is set to happen at 10 pm every evening. You can modify this to suit your requirements. The timer specification should follow the [cron](https://crontab.guru) convention.
 Once you edited the gitlab config, the bridgehead will autoupdate the config with the values and will sync the data.
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@ -4,14 +4,13 @@ version: "3.7"
 services:
  blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
+    image: docker.verbis.dkfz.de/cache/samply/blaze:latest
    container_name: bridgehead-bbmri-blaze
    environment:
      BASE_URL: "http://bridgehead-bbmri-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
--- a/bbmri/modules/directory-sync-compose.yml
+++ b/bbmri/modules/directory-sync-compose.yml
@ -4,13 +4,7 @@ services:
  directory_sync_service:
    image: "docker.verbis.dkfz.de/cache/samply/directory_sync_service"
    environment:
-      DS_DIRECTORY_URL: ${DS_DIRECTORY_URL:-https://directory.bbmri-eric.eu}
+      DS_DIRECTORY_URL: ${DS_DIRECTORY_URL}
      DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME}
-      DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS}
+      DS_DIRECTORY_PASS_CODE: ${DS_DIRECTORY_PASS_CODE}
-      DS_TIMER_CRON: ${DS_TIMER_CRON:-0 22 * * *}
+      DS_TIMER_CRON: ${DS_TIMER_CRON}
      DS_DIRECTORY_ALLOW_STAR_MODEL: ${DS_DIRECTORY_ALLOW_STAR_MODEL:-true}
      DS_DIRECTORY_MOCK: ${DS_DIRECTORY_MOCK}
      DS_DIRECTORY_DEFAULT_COLLECTION_ID: ${DS_DIRECTORY_DEFAULT_COLLECTION_ID}
      DS_DIRECTORY_COUNTRY: ${DS_DIRECTORY_COUNTRY}
    depends_on:
      - "blaze"
--- a/bbmri/modules/eric-compose.yml
+++ b/bbmri/modules/eric-compose.yml
@ -16,7 +16,7 @@ services:
      - "blaze"
  beam-proxy-eric:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy-eric
    environment:
      BROKER_URL: ${ERIC_BROKER_URL}
--- a/bbmri/modules/gbn-compose.yml
+++ b/bbmri/modules/gbn-compose.yml
@ -16,7 +16,7 @@ services:
      - "blaze"
  beam-proxy-gbn:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy-gbn
    environment:
      BROKER_URL: ${GBN_BROKER_URL}
--- a/bbmri/vars
+++ b/bbmri/vars
@ -1,29 +1,10 @@
 BROKER_ID=broker-test.bbmri-test.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 PLATFORM=bbmri
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 OIDC_USER_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})"
 OIDC_ADMIN_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})_Verwalter"
 OIDC_PUBLIC_CLIENT_ID="BBMRI_${SITE_ID}-public"
 # Use "test-realm-01" for testing
 OIDC_REALM="${OIDC_REALM:-test-realm-01}"
 OIDC_URL="https://login.verbis.dkfz.de"
 OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
 OIDC_GROUP_CLAIM="groups"
 POSTGRES_TAG=15.6-alpine
 # Makes sense for all European Biobanks
 : ${ENABLE_ERIC:=true}
 # Makes only sense for German Biobanks
 : ${ENABLE_GBN:=false}
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+FOCUS_RETRY_COUNT=32
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 for module in $PROJECT/modules/*.sh
@ -32,13 +13,6 @@ do
    source $module
 done
 log DEBUG "sourcing ccp/modules/exporter-setup.sh"
 source ccp/modules/exporter-setup.sh
 log DEBUG "sourcing ccp/modules/teiler-setup.sh"
 source ccp/modules/teiler-setup.sh
 SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
 BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}"
--- a/24
+++ b/24
@ -32,18 +32,6 @@ case "$PROJECT" in
 	bbmri)
 		#nothing extra to do
 		;;
 	cce)
 		#nothing extra to do
 		;;
 	itcc)
 		#nothing extra to do
 		;;
 	kr)
 		#nothing extra to do
 		;;
 	dhki)
 		#nothing extra to do
 		;;
 	minimal)
 		#nothing extra to do
 		;;
@ -82,21 +70,17 @@ loadVars() {
 	# Set some project-independent default values
 	: ${ENVIRONMENT:=production}
 	export ENVIRONMENT
 	case "$ENVIRONMENT" in
 		"production")
 			export FOCUS_TAG=main
 			export BEAM_TAG=main
 			;;
 		"test")
 			export FOCUS_TAG=develop
 			export BEAM_TAG=develop
 			;;
 		*)
 			report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
 			export FOCUS_TAG=main
 			export BEAM_TAG=main
 			;;
 	esac
 }
@ -106,8 +90,7 @@ case "$ACTION" in
 		loadVars
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
-		# NOTE: for testing only, we will need to properly setup secret sync if we want to use this code
+		sync_secrets
 		# sync_secrets
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;
@ -124,11 +107,6 @@ case "$ACTION" in
 		exit $?
 		;;
 	logs)
 		loadVars
 		shift 2
 		exec journalctl -u bridgehead@$PROJECT -u bridgehead-update@$PROJECT -a $@
 		;;
 	docker-logs)
 		loadVars
 		shift 2
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE logs -f $@
--- a/cce/docker-compose.yml
+++ b/cce/docker-compose.yml
@ -1,63 +0,0 @@
 version: "3.7"
 services:
  blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
    container_name: bridgehead-cce-blaze
    environment:
      BASE_URL: "http://bridgehead-cce-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_cce.rule=PathPrefix(`/cce-localdatamanagement`)"
      - "traefik.http.middlewares.cce_b_strip.stripprefix.prefixes=/cce-localdatamanagement"
      - "traefik.http.services.blaze_cce.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_cce.middlewares=cce_b_strip,auth"
      - "traefik.http.routers.blaze_cce.tls=true"
  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
      BLAZE_URL: "http://bridgehead-cce-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/cce/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/cce/modules/lens-compose.yml
+++ b/cce/modules/lens-compose.yml
@ -1,33 +0,0 @@
 version: "3.7"
 services:
  landing:
    container_name: lens_federated-search
    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
      - "traefik.http.services.landing.loadbalancer.server.port=80"
      - "traefik.http.routers.landing.tls=true"
  spot:
    image: docker.verbis.dkfz.de/ccp-private/central-spot
    environment:
      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
      BEAM_URL: http://beam-proxy:8081
      BEAM_PROXY_ID: ${SITE_ID}
      BEAM_BROKER_ID: ${BROKER_ID}
      BEAM_APP_ID: "focus"
      PROJECT_METADATA: "cce_supervisors"
    depends_on:
      - "beam-proxy"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.spot.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
      - "traefik.http.routers.spot.tls=true"
      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
--- a/cce/modules/lens-setup.sh
+++ b/cce/modules/lens-setup.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 if [ -n "$ENABLE_LENS" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
 fi
--- a/cce/root.crt.pem
+++ b/cce/root.crt.pem
@ -1,20 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
 MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
 TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
 OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
 XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
 pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
 K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
 poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
 AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
 fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
 3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
 n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
 7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
 Rtup0MTxSJtN
 -----END CERTIFICATE-----
--- a/cce/vars
+++ b/cce/vars
@ -1,14 +0,0 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 for module in $PROJECT/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@ -2,14 +2,13 @@ version: "3.7"
 services:
  blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
+    image: docker.verbis.dkfz.de/cache/samply/blaze:latest
    container_name: bridgehead-ccp-blaze
    environment:
      BASE_URL: "http://bridgehead-ccp-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
@ -20,6 +19,27 @@ services:
      - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
      - "traefik.http.routers.blaze_ccp.tls=true"
  frontend:
    image: "samply/blaze-frontend:latest"
    environment:
      ORIGIN: "https://${HOST}/ccp-blaze-frontend"
      BACKEND_BASE_URL: "https://${HOST}/ccp-localdatamanagement"
      AUTH_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
      AUTH_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
      AUTH_ISSUER: "${OIDC_URL}"
      AUTH_SECRET: "666df42c74ce1f4728fe2ffe99b146e0f2e4b4f9810594fcf68c0330495bca0f" # TODO: Generate
      PROTOCOL_HEADER: "x-forwarded-proto"
      HOST_HEADER: "x-forwarded-host"
    depends_on:
      - blaze
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_frontend.rule=PathPrefix(`/ccp-blaze-frontend`)"
      - "traefik.http.middlewares.ccp_blaze_frontend_strip.stripprefix.prefixes=/ccp-blaze-frontend"
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_blaze_frontend_strip"
      - "traefik.http.services.blaze_frontend.loadbalancer.server.port=3000"
      - "traefik.http.routers.blaze_frontend.tls=true"
  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
@ -32,15 +52,12 @@ services:
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
      QUERIES_TO_CACHE: '/queries_to_cache.conf'
    volumes:
      - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
--- a/ccp/modules/adt2fhir-rest-compose.yml
+++ b/ccp/modules/adt2fhir-rest-compose.yml
@ -0,0 +1,18 @@
 version: "3.7"
 services:
  adt2fhir-rest:
    container_name: bridgehead-adt2fhir-rest
    image: docker.verbis.dkfz.de/ccp/adt2fhir-rest:main
    environment:
      IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
      MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
      SALT: ${LOCAL_SALT}
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adt2fhir-rest.rule=PathPrefix(`/adt2fhir-rest`)"
      - "traefik.http.middlewares.adt2fhir-rest_strip.stripprefix.prefixes=/adt2fhir-rest"
      - "traefik.http.services.adt2fhir-rest.loadbalancer.server.port=8080"
      - "traefik.http.routers.adt2fhir-rest.tls=true"
      - "traefik.http.routers.adt2fhir-rest.middlewares=adt2fhir-rest_strip,auth"
--- a/ccp/modules/adt2fhir-rest-setup.sh
+++ b/ccp/modules/adt2fhir-rest-setup.sh
@ -0,0 +1,13 @@
 #!/bin/bash
 function adt2fhirRestSetup() {
  if [ -n "$ENABLE_ADT2FHIR_REST" ]; then
    log INFO "ADT2FHIR-REST setup detected -- will start adt2fhir-rest API."
    if [ ! -n "$IDMANAGER_LOCAL_PATIENTLIST_APIKEY" ]; then
      log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
      exit 1;
    fi
    OVERRIDE+=" -f ./$PROJECT/modules/adt2fhir-rest-compose.yml"
    LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  fi
 }
--- a/ccp/modules/blaze-secondary-compose.yml
+++ b/ccp/modules/blaze-secondary-compose.yml
@ -1,32 +0,0 @@
 version: "3.7"
 services:
  blaze-secondary:
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
    container_name: bridgehead-ccp-blaze-secondary
    environment:
      BASE_URL: "http://bridgehead-ccp-blaze-secondary:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-secondary-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze-secondary_ccp.rule=PathPrefix(`/ccp-localdatamanagement-secondary`)"
      - "traefik.http.middlewares.ccp_b-secondary_strip.stripprefix.prefixes=/ccp-localdatamanagement-secondary"
      - "traefik.http.services.blaze-secondary_ccp.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze-secondary_ccp.middlewares=ccp_b-secondary_strip,auth"
      - "traefik.http.routers.blaze-secondary_ccp.tls=true"
  obds2fhir-rest:
    environment:
      STORE_PATH: ${STORE_PATH:-http://blaze:8080/fhir}
  exporter:
    environment:
      BLAZE_HOST: "blaze-secondary"
 volumes:
  blaze-secondary-data:
--- a/ccp/modules/blaze-secondary-setup.sh
+++ b/ccp/modules/blaze-secondary-setup.sh
@ -1,11 +0,0 @@
 #!/bin/bash
 function blazeSecondarySetup() {
  if [ -n "$ENABLE_SECONDARY_BLAZE" ]; then
    log INFO "Secondary Blaze setup detected -- will start second blaze."
    OVERRIDE+=" -f ./$PROJECT/modules/blaze-secondary-compose.yml"
    #make oBDS2FHIR ignore ID-Management and replace target Blaze
    PATIENTLIST_URL=" "
    STORE_PATH="http://blaze-secondary:8080/fhir"
  fi
 }
--- a/ccp/modules/datashield-compose.yml
+++ b/ccp/modules/datashield-compose.yml
@ -151,7 +151,7 @@ services:
      --pass-access-token=false
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
+      - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`, `/oauth2/callback`)"
      - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
      - "traefik.http.routers.oauth2_proxy.tls=true"
    environment:
--- a/ccp/modules/datashield-setup.sh
+++ b/ccp/modules/datashield-setup.sh
@ -33,7 +33,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
  echo "$sites" | docker_jq -n --args '[{
    "external": "'"$SITE_ID"':443",
    "internal": "opal:8443",
-    "allowed": input | map("\(.).'"$BROKER_ID"'")
+    "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
  }]' >/tmp/bridgehead/opal-map/local.json
  if [ "$USER" == "root" ]; then
    chown -R bridgehead:docker /tmp/bridgehead
--- a/ccp/modules/datashield-sites.json
+++ b/ccp/modules/datashield-sites.json
@ -10,6 +10,5 @@
    "essen",
    "dktk-datashield-test",
    "dktk-test",
-    "mannheim",
+    "mannheim"
    "central-ds-orchestrator"
 ]
--- a/ccp/modules/datashield.md
+++ b/ccp/modules/datashield.md
@ -1,5 +1,5 @@
 # DataSHIELD
-This module constitutes the infrastructure to run DataSHIELD within the bridgehead. 
+This module constitutes the infrastructure to run DataSHIELD within the bridghead. 
 For more information about DataSHIELD, please visit https://www.datashield.org/
 ## R-Studio
--- a/ccp/modules/exporter-compose.yml
+++ b/ccp/modules/exporter-compose.yml
@ -3,7 +3,7 @@ version: "3.7"
 services:
  exporter:
    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-${PLATFORM}-exporter
+    container_name: bridgehead-ccp-exporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
@ -12,39 +12,39 @@ services:
      EXPORTER_DB_USER: "exporter"
      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/${PLATFORM}-exporter"
+      HTTP_RELATIVE_PATH: "/ccp-exporter"
      SITE: "${SITE_ID}"
      HTTP_SERVLET_REQUEST_SCHEME: "https"
      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.exporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-exporter`)"
+      - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
-      - "traefik.http.services.exporter_${PLATFORM}.loadbalancer.server.port=8092"
+      - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_${PLATFORM}.tls=true"
+      - "traefik.http.routers.exporter_ccp.tls=true"
-      - "traefik.http.middlewares.exporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-exporter"
+      - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
-      - "traefik.http.routers.exporter_${PLATFORM}.middlewares=exporter_${PLATFORM}_strip"
+      - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
    volumes:
-      - "/var/cache/bridgehead/${PLATFORM}/exporter-files:/app/exporter-files/output"
+      - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
  exporter-db:
    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-${PLATFORM}-exporter-db
+    container_name: bridgehead-ccp-exporter-db
    environment:
      POSTGRES_USER: "exporter"
      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      POSTGRES_DB: "exporter"
    volumes:
      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/${PLATFORM}/exporter-db:/var/lib/postgresql/data"
+      - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
  reporter:
    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-${PLATFORM}-reporter
+    container_name: bridgehead-ccp-reporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
      CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/${PLATFORM}-reporter"
+      HTTP_RELATIVE_PATH: "/ccp-reporter"
      SITE: "${SITE_ID}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
      EXPORTER_URL: "http://exporter:8092"
@ -57,11 +57,11 @@ services:
    # There is a risk that the bridgehead restarts, losing the already created export.
    volumes:
-      - "/var/cache/bridgehead/${PLATFORM}/reporter-files:/app/reports"
+      - "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.reporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-reporter`)"
+      - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
-      - "traefik.http.services.reporter_${PLATFORM}.loadbalancer.server.port=8095"
+      - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_${PLATFORM}.tls=true"
+      - "traefik.http.routers.reporter_ccp.tls=true"
-      - "traefik.http.middlewares.reporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-reporter"
+      - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
-      - "traefik.http.routers.reporter_${PLATFORM}.middlewares=reporter_${PLATFORM}_strip"
+      - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
--- a/ccp/modules/exporter-setup.sh
+++ b/ccp/modules/exporter-setup.sh
@ -2,7 +2,7 @@
 if [ "$ENABLE_EXPORTER" == true ]; then
  log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./ccp/modules/exporter-compose.yml"
+  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi
--- a/ccp/modules/fhir2sql-compose.yml
+++ b/ccp/modules/fhir2sql-compose.yml
@ -1,25 +0,0 @@
 version: "3.7"
 services:
  fhir2sql:
    depends_on:
      - "dashboard-db"
      - "blaze"
    image: docker.verbis.dkfz.de/cache/samply/fhir2sql:latest
    container_name: bridgehead-ccp-dashboard-fhir2sql
    environment:
      BLAZE_BASE_URL: "http://bridgehead-ccp-blaze:8080"
      PG_HOST: "dashboard-db"
      PG_USERNAME: "dashboard"
      PG_PASSWORD: "${DASHBOARD_DB_PASSWORD}" # Set in dashboard-setup.sh
      PG_DBNAME: "dashboard"
  dashboard-db:
    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
    container_name: bridgehead-ccp-dashboard-db
    environment:
      POSTGRES_USER: "dashboard"
      POSTGRES_PASSWORD: "${DASHBOARD_DB_PASSWORD}" # Set in dashboard-setup.sh
      POSTGRES_DB: "dashboard"
    volumes:
      - "/var/cache/bridgehead/ccp/dashboard-db:/var/lib/postgresql/data"
--- a/ccp/modules/fhir2sql-setup.sh
+++ b/ccp/modules/fhir2sql-setup.sh
@ -1,7 +0,0 @@
 #!/bin/bash -e
 if [ "$ENABLE_FHIR2SQL" == true ]; then
  log INFO "Dashboard setup detected -- will start Dashboard backend and FHIR2SQL service."
  OVERRIDE+=" -f ./$PROJECT/modules/fhir2sql-compose.yml"
  DASHBOARD_DB_PASSWORD="$(generate_simple_password 'fhir2sql')"
 fi
--- a/ccp/modules/fhir2sql.md
+++ b/ccp/modules/fhir2sql.md
@ -1,36 +0,0 @@
 # fhir2sql
 fhir2sql connects to Blaze, retrieves data, and syncs it with a PostgreSQL database. The application is designed to run continuously, syncing data at regular intervals.
 The Dashboard module is a optional component of the Bridgehead CCP setup. When enabled, it starts two Docker services: **fhir2sql** and **dashboard-db**. Data held in PostgreSQL is only stored temporarily and Blaze is considered to be the 'leading system' or 'source of truth'.
 ## Services
 ### fhir2sql
 * Image: docker.verbis.dkfz.de/cache/samply/fhir2sql:latest
 * Container name: bridgehead-ccp-dashboard-fhir2sql
 * Depends on: dashboard-db
 * Environment variables:
  - BLAZE_BASE_URL: The base URL of the Blaze FHIR server (set to http://blaze:8080/fhir/)
  - PG_HOST: The hostname of the PostgreSQL database (set to dashboard-db)
  - PG_USERNAME: The username for the PostgreSQL database (set to dashboard)
  - PG_PASSWORD: The password for the PostgreSQL database (set to the value of DASHBOARD_DB_PASSWORD)
  - PG_DBNAME: The name of the PostgreSQL database (set to dashboard)
 ### dashboard-db
 * Image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
 * Container name: bridgehead-ccp-dashboard-db
 * Environment variables:
  - POSTGRES_USER: The username for the PostgreSQL database (set to dashboard)
  - POSTGRES_PASSWORD: The password for the PostgreSQL database (set to the value of DASHBOARD_DB_PASSWORD)
  - POSTGRES_DB: The name of the PostgreSQL database (set to dashboard)
 * Volumes:
  - /var/cache/bridgehead/ccp/dashboard-db:/var/lib/postgresql/data
 The volume used by dashboard-db can be removed safely and should be restored to a working order by re-importing data from Blaze.
 ### Environment Variables
 * DASHBOARD_DB_PASSWORD: A generated password for the PostgreSQL database, created using a salt string and the SHA1 hash function.
 * POSTGRES_TAG: The tag of the PostgreSQL image to use (not set in this module, but required by the dashboard-db service).
 ### Setup
 To enable the Dashboard module, set the ENABLE_FHIR2SQL environment variable to true. The dashboard-setup.sh script will then start the fhir2sql and dashboard-db services, using the environment variables and volumes defined above.
--- a/ccp/modules/id-management-compose.yml
+++ b/ccp/modules/id-management-compose.yml
@ -14,23 +14,15 @@ services:
      MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_READ_APIKEY}
      MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
      MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
      MAGICPL_OIDC_CLIENT_ID: ${IDMANAGER_AUTH_CLIENT_ID}
      MAGICPL_OIDC_CLIENT_SECRET: ${IDMANAGER_AUTH_CLIENT_SECRET}
    depends_on:
      - patientlist
      - traefik-forward-auth
    labels:
      - "traefik.enable=true"
      # Router with Authentication
      - "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
      - "traefik.http.services.id-manager.loadbalancer.server.port=8080"
      - "traefik.http.routers.id-manager.tls=true"
      - "traefik.http.routers.id-manager.middlewares=traefik-forward-auth-idm"
      - "traefik.http.routers.id-manager.service=id-manager-service"
      # Router without Authentication
      - "traefik.http.routers.id-manager-compatibility.rule=PathPrefix(`/id-manager/paths/translator/getIds`)"
      - "traefik.http.routers.id-manager-compatibility.tls=true"
      - "traefik.http.routers.id-manager-compatibility.service=id-manager-service"
      # Definition of Service
      - "traefik.http.services.id-manager-service.loadbalancer.server.port=8080"
      - "traefik.http.services.id-manager-service.loadbalancer.server.scheme=http"
  patientlist:
    image: docker.verbis.dkfz.de/bridgehead/mainzelliste
@ -64,42 +56,5 @@ services:
      # NOTE: Add backups here. This is only imported if /var/lib/bridgehead/data/patientlist/ is empty!!!
      - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
  traefik-forward-auth:
    image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
    environment:
      - http_proxy=http://forward_proxy:3128
      - https_proxy=http://forward_proxy:3128
      - OAUTH2_PROXY_PROVIDER=oidc
      - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.verbis.dkfz.de/realms/master
      - OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
      - OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
      - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
      - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
      - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
      - OAUTH2_PROXY_HTTP_ADDRESS=:4180
      - OAUTH2_PROXY_REVERSE_PROXY=true
      - OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
      - OAUTH2_PROXY_UPSTREAMS=static://202
      - OAUTH2_PROXY_EMAIL_DOMAINS=*
      - OAUTH2_PROXY_SCOPE=openid profile email
      # Pass Authorization Header and some user information to backend services
      - OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
      - OAUTH2_PROXY_SET_XAUTHREQUEST=true
      # Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
      - OAUTH2_PROXY_COOKIE_REFRESH=60s
      - OAUTH2_PROXY_ALLOWED_GROUPS=DKTK-CCP-PPSN
      - OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4180"
      - "traefik.http.routers.traefik-forward-auth.rule=Host(`${HOST}`) && PathPrefix(`/oauth2-idm`)"
      - "traefik.http.routers.traefik-forward-auth.tls=true"
      - "traefik.http.middlewares.traefik-forward-auth-idm.forwardauth.address=http://traefik-forward-auth:4180"
      - "traefik.http.middlewares.traefik-forward-auth-idm.forwardauth.authResponseHeaders=Authorization"
    depends_on:
      forward_proxy:
        condition: service_healthy
 volumes:
  patientlist-db-data:
--- a/ccp/modules/id-management-setup.sh
+++ b/ccp/modules/id-management-setup.sh
@ -3,7 +3,7 @@
 function idManagementSetup() {
 	if [ -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
 		log INFO "id-management setup detected -- will start id-management (mainzelliste & magicpl)."
-		OVERRIDE+=" -f ./ccp/modules/id-management-compose.yml"
+		OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml"
 		# Auto Generate local Passwords
 		PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
--- a/ccp/modules/mtba-setup.sh
+++ b/ccp/modules/mtba-setup.sh
@ -5,6 +5,7 @@ function mtbaSetup() {
    log INFO "MTBA setup detected -- will start MTBA Service and CBioPortal."
    if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
      log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
      exit 1;
    fi
    OVERRIDE+=" -f ./$PROJECT/modules/mtba-compose.yml"
    add_private_oidc_redirect_url "/mtba/*"
--- a/ccp/modules/obds2fhir-rest-compose.yml
+++ b/ccp/modules/obds2fhir-rest-compose.yml
@ -1,20 +0,0 @@
 version: "3.7"
 services:
  obds2fhir-rest:
    container_name: bridgehead-obds2fhir-rest
    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
    environment:
      IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
      MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
      SALT: ${LOCAL_SALT}
      KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false}
      MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist}
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)"
      - "traefik.http.middlewares.obds2fhir-rest_strip.stripprefix.prefixes=/obds2fhir-rest,/adt2fhir-rest"
      - "traefik.http.services.obds2fhir-rest.loadbalancer.server.port=8080"
      - "traefik.http.routers.obds2fhir-rest.tls=true"
      - "traefik.http.routers.obds2fhir-rest.middlewares=obds2fhir-rest_strip,auth"
--- a/ccp/modules/obds2fhir-rest-setup.sh
+++ b/ccp/modules/obds2fhir-rest-setup.sh
@ -1,13 +0,0 @@
 #!/bin/bash
 function obds2fhirRestSetup() {
  if [ -n "$ENABLE_OBDS2FHIR_REST" ]; then
    log INFO "oBDS2FHIR-REST setup detected -- will start obds2fhir-rest module."
    if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
      log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
      PATIENTLIST_URL=" "
    fi
    OVERRIDE+=" -f ./ccp/modules/obds2fhir-rest-compose.yml"
    LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  fi
 }
--- a/ccp/modules/teiler-compose.yml
+++ b/ccp/modules/teiler-compose.yml
@ -7,31 +7,30 @@ services:
    container_name: bridgehead-teiler-orchestrator
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler`)"
+      - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_${PLATFORM}.loadbalancer.server.port=9000"
+      - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.tls=true"
+      - "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler"
+      - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
-      - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.middlewares=teiler_orchestrator_${PLATFORM}_strip"
+      - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
    environment:
-      TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
+      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
-      TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
+      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
+      HTTP_RELATIVE_PATH: "/ccp-teiler"
  teiler-dashboard:
-    #image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    image:  docker.verbis.dkfz.de/ccp/samply/teiler-dashboard:bbmri
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-dashboard`)"
+      - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_${PLATFORM}.loadbalancer.server.port=80"
+      - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.tls=true"
+      - "traefik.http.routers.teiler_dashboard_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-dashboard"
+      - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_${PLATFORM}.middlewares=teiler_dashboard_${PLATFORM}_strip"
+      - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
    environment:
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
+      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
      OIDC_URL: "${OIDC_URL}"
      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -41,42 +40,42 @@ services:
      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
      TEILER_PROJECT: "${PROJECT}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler-dashboard"
+      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
      TEILER_USER: "${OIDC_USER_GROUP}"
      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}-qb"
+      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}"
+      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
  teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest
+    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
    container_name: bridgehead-teiler-backend
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-backend`)"
+      - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_${PLATFORM}.loadbalancer.server.port=8085"
+      - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_${PLATFORM}.tls=true"
+      - "traefik.http.routers.teiler_backend_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_backend_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-backend"
+      - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
-      - "traefik.http.routers.teiler_backend_${PLATFORM}.middlewares=teiler_backend_${PLATFORM}_strip"
+      - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
    environment:
      LOG_LEVEL: "INFO"
      APPLICATION_PORT: "8085"
      APPLICATION_ADDRESS: "${HOST}"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      CONFIG_ENV_VAR_PATH: "/run/secrets/project-conf"
+      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
+      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_DE_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/de"
+      TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/en"
+      TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
      CENTRAX_URL: "${CENTRAXX_URL}"
      HTTP_PROXY: "http://forward_proxy:3128"
      ENABLE_MTBA: "${ENABLE_MTBA}"
      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
    secrets:
-      - project-conf
+      - ccp.conf
 secrets:
-  project-conf:
+  ccp.conf:
-    file: "/etc/bridgehead/${PROJECT}.conf"
+    file: /etc/bridgehead/ccp.conf
--- a/ccp/modules/teiler-setup.sh
+++ b/ccp/modules/teiler-setup.sh
@ -2,7 +2,7 @@
 if [ "$ENABLE_TEILER" == true ];then
  log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./ccp/modules/teiler-compose.yml"
+  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
  TEILER_DEFAULT_LANGUAGE=DE
  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
  add_public_oidc_redirect_url "/ccp-teiler/*"
--- a/ccp/queries_to_cache.conf
+++ b/ccp/queries_to_cache.conf
@ -1,2 +0,0 @@
 bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCgpjb250ZXh0IFBhdGllbnQKCgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX1BSSU1BUllfRElBR05PU0lTX05PX1NPUlRfU1RSQVRJRklFUgpES1RLX1NUUkFUX0FHRV9DTEFTU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19TVFJBVF9ISVNUT0xPR1lfU1RSQVRJRklFUgpES1RLX1NUUkFUX0RFRl9JTl9JTklUSUFMX1BPUFVMQVRJT04KdHJ1ZQ==
 bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCgogIERLVEtfU1RSQVRfSElTVE9MT0dZX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDNjEnIGZyb20gaWNkMTBdKSBhbmQgCigoZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDcvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0ODAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg1MDAvMycpKQ==
--- a/ccp/vars
+++ b/ccp/vars
@ -2,10 +2,9 @@ BROKER_ID=broker.ccp-it.dktk.dkfz.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+FOCUS_RETRY_COUNT=32
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 PLATFORM=ccp
 BROKER_URL_FOR_PREREQ=$BROKER_URL
@ -18,6 +17,7 @@ OIDC_REALM="${OIDC_REALM:-master}"
 OIDC_URL="https://login.verbis.dkfz.de"
 OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
 OIDC_GROUP_CLAIM="groups"
 add_private_oidc_redirect_url "/ccp-localdatamanagement"
 POSTGRES_TAG=15.6-alpine
@ -29,5 +29,4 @@ done
 idManagementSetup
 mtbaSetup
-obds2fhirRestSetup
+adt2fhirRestSetup
 blazeSecondarySetup
--- a/dhki/docker-compose.yml
+++ b/dhki/docker-compose.yml
@ -1,66 +0,0 @@
 version: "3.7"
 services:
  blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
    container_name: bridgehead-dhki-blaze
    environment:
      BASE_URL: "http://bridgehead-dhki-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_dhki.rule=PathPrefix(`/dhki-localdatamanagement`)"
      - "traefik.http.middlewares.dhki_b_strip.stripprefix.prefixes=/dhki-localdatamanagement"
      - "traefik.http.services.blaze_dhki.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_dhki.middlewares=dhki_b_strip,auth"
      - "traefik.http.routers.blaze_dhki.tls=true"
  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
      BLAZE_URL: "http://bridgehead-dhki-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
      QUERIES_TO_CACHE: '/queries_to_cache.conf'
    volumes:
      - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/dhki/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/dhki/queries_to_cache.conf
+++ b/dhki/queries_to_cache.conf
@ -1,2 +0,0 @@
 bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0FHRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREhLSV9TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfRU5DT1VOVEVSX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU=
 bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwpjb2Rlc3lzdGVtIGljZDEwOiAnaHR0cDovL2ZoaXIuZGUvQ29kZVN5c3RlbS9iZmFybS9pY2QtMTAtZ20nCmNvZGVzeXN0ZW0gbW9ycGg6ICd1cm46b2lkOjIuMTYuODQwLjEuMTEzODgzLjYuNDMuMScKCmNvbnRleHQgUGF0aWVudAoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9BR0VfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpESEtJX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCgpESEtJX1NUUkFUX0VOQ09VTlRFUl9TVFJBVElGSUVSCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTgooKChleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzM0LjknIGZyb20gaWNkMTBdKSBvcgooZXhpc3RzIFtDb25kaXRpb246IENvZGUgJ0MzNC44JyBmcm9tIGljZDEwXSkgb3IKKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDMzQuMCcgZnJvbSBpY2QxMF0pIG9yCihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzM0LjInIGZyb20gaWNkMTBdKSBvcgooZXhpc3RzIFtDb25kaXRpb246IENvZGUgJ0MzNC4xJyBmcm9tIGljZDEwXSkgb3IKKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDMzQuMycgZnJvbSBpY2QxMF0pKSBhbmQKKChleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODE0MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQxLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDMvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODE0Ny8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MjUwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgyNTEvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODI1Mi8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MjUzLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgyNTUvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODI2MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MzEwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgzMzMvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODQ3MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NDgwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0OTAvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODU1MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MDUyLzMnKSkp
--- a/dhki/root.crt.pem
+++ b/dhki/root.crt.pem
@ -1,20 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUSWUPebUMNfJvPKMjdgX+WiH+OXgwDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTA1MDg1NTM4WhcNMzQw
 MTAyMDg1NjA4WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAL/nvo9Bn1/6Z/K4BKoLM6/mVziM4cmXTVx4npVz
 pnptwPPFU4rz47akRZ6ZMD5MO0bsyvaxG1nwVrW3aAGC42JIGTdZHKwMKrd35sxw
 k3YlGJagGUs+bKHUCL55OcSmyDWlh/UhA8+eeJWjOt9u0nYXv+vi+N4JSHA0oC9D
 bTF1v+7blrTQagf7PTPSF3pe22iXOjJYdOkZMWoMoNAjn6F958fkLNLY3csOZwvP
 /3eyNNawyAEPWeIm33Zk630NS8YHggz6WCqwXvuaKb6910mRP8jgauaYsqgsOyDt
 pbWuvk//aZWdGeN9RNsAA8eGppygiwm/m9eRC6I0shDwv6ECAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFn/dbW1J3ry
 7TBzbKo3H4vJr2MiMB8GA1UdIwQYMBaAFFn/dbW1J3ry7TBzbKo3H4vJr2MiMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCa2V8B8aad
 XNDS1EUIi9oMdvGvkolcdFwx9fI++qu9xSIaZs5GETHck3oYKZF0CFP5ESnKDn5w
 enWgm5M0y+hVZppzB163WmET1efBXwrdyn8j4336NjX352h63JGWCaI2CfZ1qG1p
 kf5W9CVXllSFaJe5r994ovgyHvK2ucWwe8l8iMJbQhH79oKi/9uJMCD6aUXnpg1K
 nPHW1lsVx6foqYWijdBdtFU2i7LSH2OYo0nb1PgRnY/SABV63JHfJnqW9dZy4f7G
 rpsvvrmFrKmEnCZH0n6qveY3Z5bMD94Yx0ebkCTYEqAw3pV65gwxrzBTpEg6dgF0
 eG0eKFUS0REJ
 -----END CERTIFICATE-----
--- a/dhki/vars
+++ b/dhki/vars
@ -1,20 +0,0 @@
 BROKER_ID=broker.hector.dkfz.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 POSTGRES_TAG=15.6-alpine
 for module in ccp/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
 idManagementSetup
 obds2fhirRestSetup
--- a/itcc/docker-compose.yml
+++ b/itcc/docker-compose.yml
@ -1,63 +0,0 @@
 version: "3.7"
 services:
  blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
    container_name: bridgehead-itcc-blaze
    environment:
      BASE_URL: "http://bridgehead-itcc-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
      - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
      - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
      - "traefik.http.routers.blaze_itcc.tls=true"
  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
      BLAZE_URL: "http://bridgehead-itcc-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/itcc/modules/lens-compose.yml
+++ b/itcc/modules/lens-compose.yml
@ -1,33 +0,0 @@
 version: "3.7"
 services:
  landing:
    container_name: lens_federated-search
    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
      - "traefik.http.services.landing.loadbalancer.server.port=80"
      - "traefik.http.routers.landing.tls=true"
  spot:
    image: docker.verbis.dkfz.de/ccp-private/central-spot
    environment:
      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
      BEAM_URL: http://beam-proxy:8081
      BEAM_PROXY_ID: ${SITE_ID}
      BEAM_BROKER_ID: ${BROKER_ID}
      BEAM_APP_ID: "focus"
      PROJECT_METADATA: "dktk_supervisors"
    depends_on:
      - "beam-proxy"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.spot.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
      - "traefik.http.routers.spot.tls=true"
      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
--- a/itcc/modules/lens-setup.sh
+++ b/itcc/modules/lens-setup.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 if [ -n "$ENABLE_LENS" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
 fi
--- a/itcc/root.crt.pem
+++ b/itcc/root.crt.pem
@ -1,20 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
 MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
 TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
 OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
 XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
 pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
 K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
 poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
 AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
 fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
 3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
 n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
 7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
 Rtup0MTxSJtN
 -----END CERTIFICATE-----
--- a/itcc/vars
+++ b/itcc/vars
@ -1,14 +0,0 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 for module in $PROJECT/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
--- a/kr/docker-compose.yml
+++ b/kr/docker-compose.yml
@ -1,67 +0,0 @@
 version: "3.7"
 services:
  landing:
    deploy:
      replicas: 0 #deactivate landing page
  blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
    container_name: bridgehead-kr-blaze
    environment:
      BASE_URL: "http://bridgehead-kr-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_kr.rule=PathPrefix(`/kr-localdatamanagement`)"
      - "traefik.http.middlewares.kr_b_strip.stripprefix.prefixes=/kr-localdatamanagement"
      - "traefik.http.services.blaze_kr.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_kr.middlewares=kr_b_strip,auth"
      - "traefik.http.routers.blaze_kr.tls=true"
  focus:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
      BLAZE_URL: "http://bridgehead-kr-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/kr/modules/export-and-qb.curl-templates
+++ b/kr/modules/export-and-qb.curl-templates
@ -1,6 +0,0 @@
 # Full Excel Export
 curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
 --header 'x-api-key: ${EXPORT_API_KEY}'
 # QB
 curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'
--- a/kr/modules/exporter-compose.yml
+++ b/kr/modules/exporter-compose.yml
@ -1,67 +0,0 @@
 version: "3.7"
 services:
  exporter:
    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
    container_name: bridgehead-ccp-exporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
      CROSS_ORIGINS: "https://${HOST}"
      EXPORTER_DB_USER: "exporter"
      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
      HTTP_RELATIVE_PATH: "/ccp-exporter"
      SITE: "${SITE_ID}"
      HTTP_SERVLET_REQUEST_SCHEME: "https"
      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
      - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
      - "traefik.http.routers.exporter_ccp.tls=true"
      - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
      - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
    volumes:
      - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
  exporter-db:
    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
    container_name: bridgehead-ccp-exporter-db
    environment:
      POSTGRES_USER: "exporter"
      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      POSTGRES_DB: "exporter"
    volumes:
      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
      - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
  reporter:
    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
    container_name: bridgehead-ccp-reporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
      CROSS_ORIGINS: "https://${HOST}"
      HTTP_RELATIVE_PATH: "/ccp-reporter"
      SITE: "${SITE_ID}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
      EXPORTER_URL: "http://exporter:8092"
      LOG_FHIR_VALIDATION: "false"
      HTTP_SERVLET_REQUEST_SCHEME: "https"
    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
    # a process that can take several hours, because it depends on the exporter.
    # There is a risk that the bridgehead restarts, losing the already created export.
    volumes:
      - "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
      - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
      - "traefik.http.routers.reporter_ccp.tls=true"
      - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
      - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
--- a/kr/modules/exporter-setup.sh
+++ b/kr/modules/exporter-setup.sh
@ -1,8 +0,0 @@
 #!/bin/bash -e
 if [ "$ENABLE_EXPORTER" == true ]; then
  log INFO "Exporter setup detected -- will start Exporter service."
  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi
--- a/kr/modules/exporter.md
+++ b/kr/modules/exporter.md
@ -1,15 +0,0 @@
 # Exporter and Reporter
 ## Exporter
 The exporter is a REST API that exports the data of the different databases of the bridgehead in a set of tables.
 It can accept different output formats as CSV, Excel, JSON or XML. It can also export data into Opal.
 ## Exporter-DB
 It is a database to save queries for its execution in the exporter. 
 The exporter manages also the different executions of the same query in through the database.
 ## Reporter
 This component is a plugin of the exporter that allows to create more complex Excel reports described in templates.
 It is compatible with different template engines as Groovy, Thymeleaf,...
 It is perfect to generate a document as our traditional CCP quality report.
--- a/kr/modules/lens-compose.yml
+++ b/kr/modules/lens-compose.yml
@ -1,35 +0,0 @@
 version: "3.7"
 services:
  landing:
    deploy:
      replicas: 1 #reactivate if lens is in use
    container_name: lens_federated-search
    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
      - "traefik.http.services.landing.loadbalancer.server.port=80"
      - "traefik.http.routers.landing.tls=true"
  spot:
    image: docker.verbis.dkfz.de/ccp-private/central-spot
    environment:
      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
      BEAM_URL: http://beam-proxy:8081
      BEAM_PROXY_ID: ${SITE_ID}
      BEAM_BROKER_ID: ${BROKER_ID}
      BEAM_APP_ID: "focus"
      PROJECT_METADATA: "kr_supervisors"
    depends_on:
      - "beam-proxy"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.spot.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
      - "traefik.http.routers.spot.tls=true"
      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
--- a/kr/modules/lens-setup.sh
+++ b/kr/modules/lens-setup.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 if [ -n "$ENABLE_LENS" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
 fi
--- a/kr/modules/obds2fhir-rest-compose.yml
+++ b/kr/modules/obds2fhir-rest-compose.yml
@ -1,20 +0,0 @@
 version: "3.7"
 services:
  obds2fhir-rest:
    container_name: bridgehead-obds2fhir-rest
    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
    environment:
      IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
      MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
      SALT: ${LOCAL_SALT}
      KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false}
      MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist}
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)"
      - "traefik.http.middlewares.obds2fhir-rest_strip.stripprefix.prefixes=/obds2fhir-rest,/adt2fhir-rest"
      - "traefik.http.services.obds2fhir-rest.loadbalancer.server.port=8080"
      - "traefik.http.routers.obds2fhir-rest.tls=true"
      - "traefik.http.routers.obds2fhir-rest.middlewares=obds2fhir-rest_strip,auth"
--- a/kr/modules/obds2fhir-rest-setup.sh
+++ b/kr/modules/obds2fhir-rest-setup.sh
@ -1,13 +0,0 @@
 #!/bin/bash
 function obds2fhirRestSetup() {
  if [ -n "$ENABLE_OBDS2FHIR_REST" ]; then
    log INFO "oBDS2FHIR-REST setup detected -- will start obds2fhir-rest module."
    if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
      log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
      PATIENTLIST_URL=" "
    fi
    OVERRIDE+=" -f ./$PROJECT/modules/obds2fhir-rest-compose.yml"
    LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  fi
 }
--- a/kr/modules/teiler-compose.yml
+++ b/kr/modules/teiler-compose.yml
@ -1,81 +0,0 @@
 version: "3.7"
 services:
  teiler-orchestrator:
    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
    container_name: bridgehead-teiler-orchestrator
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
      - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
      - "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
      - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
      - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
    environment:
      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
      HTTP_RELATIVE_PATH: "/ccp-teiler"
  teiler-dashboard:
    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
      - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
      - "traefik.http.routers.teiler_dashboard_ccp.tls=true"
      - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
      - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
    environment:
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
      OIDC_URL: "${OIDC_URL}"
      OIDC_REALM: "${OIDC_REALM}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
      TEILER_PROJECT: "${PROJECT}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
      TEILER_USER: "${OIDC_USER_GROUP}"
      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
  teiler-backend:
    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
    container_name: bridgehead-teiler-backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
      - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
      - "traefik.http.routers.teiler_backend_ccp.tls=true"
      - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
      - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
    environment:
      LOG_LEVEL: "INFO"
      APPLICATION_PORT: "8085"
      APPLICATION_ADDRESS: "${HOST}"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
      TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
      TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
      CENTRAX_URL: "${CENTRAXX_URL}"
      HTTP_PROXY: "http://forward_proxy:3128"
      ENABLE_MTBA: "${ENABLE_MTBA}"
      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
    secrets:
      - ccp.conf
 secrets:
  ccp.conf:
    file: /etc/bridgehead/ccp.conf
--- a/kr/modules/teiler-setup.sh
+++ b/kr/modules/teiler-setup.sh
@ -1,9 +0,0 @@
 #!/bin/bash -e
 if [ "$ENABLE_TEILER" == true ];then
  log INFO "Teiler setup detected -- will start Teiler services."
  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
  TEILER_DEFAULT_LANGUAGE=DE
  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
  add_public_oidc_redirect_url "/ccp-teiler/*"
 fi
--- a/kr/modules/teiler.md
+++ b/kr/modules/teiler.md
@ -1,19 +0,0 @@
 # Teiler
 This module orchestrates the different microfrontends of the bridgehead as a single page application.  
 ## Teiler Orchestrator
 Single SPA component that consists on the root HTML site of the single page application and a javascript code that
 gets the information about the microfrontend calling the teiler backend and is responsible for registering them. With the
 resulting mapping, it can initialize, mount and unmount the required microfrontends on the fly. 
 The microfrontends run independently in different containers and can be based on different frameworks (Angular, Vue, React,...)
 This microfrontends can run as single alone but need an extension with Single-SPA (https://single-spa.js.org/docs/ecosystem).
 There are also available three templates (Angular, Vue, React) to be directly extended to be used directly in the teiler.
 ## Teiler Dashboard
 It consists on the main dashboard and a set of embedded services.
 ### Login
 user and password in ccp.local.conf
 ## Teiler Backend
 In this component, the microfrontends are configured.
--- a/kr/root.crt.pem
+++ b/kr/root.crt.pem
@ -1,20 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
 MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
 TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
 OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
 XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
 pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
 K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
 poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
 AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
 fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
 3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
 n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
 7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
 Rtup0MTxSJtN
 -----END CERTIFICATE-----
--- a/kr/vars
+++ b/kr/vars
@ -1,16 +0,0 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 for module in $PROJECT/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
 obds2fhirRestSetup
--- a/lib/functions.sh
+++ b/lib/functions.sh
@ -53,8 +53,8 @@ checkOwner(){
 }
 printUsage() {
-	echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME"
+	echo "Usage: bridgehead start|stop|logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
+	echo "PROJECTNAME should be one of ccp|bbmri"
 }
 checkRequirements() {
@ -171,10 +171,8 @@ optimizeBlazeMemoryUsage() {
 		if [ $available_system_memory_chunks -eq 0 ]; then
 			log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower."
 			export BLAZE_RESOURCE_CACHE_CAP=128000;
 			export BLAZE_CQL_CACHE_CAP=32;
 		else
 			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500))
 			export BLAZE_CQL_CACHE_CAP=$((($system_memory_in_mb/4)/16));
 		fi
 	fi
 }
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@ -52,21 +52,6 @@ case "$PROJECT" in
 	bbmri)
 		site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
 		;;
 	cce)
 		site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
 		;;
 	itcc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
        ;;
    dhki)
        site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
 	kr)
 		site_configuration_repository_middle="git.verbis.dkfz.de/krebsregister-sites/"
 		;;
 	dhki)
 		site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
 	minimal)
 		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 		;;
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
@ -3,16 +3,14 @@
 source lib/functions.sh
 detectCompose
 CONFIG_DIR="/etc/bridgehead/"
 COMPONENT_DIR="/srv/docker/bridgehead/"
 if ! id "bridgehead" &>/dev/null; then
  log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
  exit 1
 fi
-checkOwner "${CONFIG_DIR}" bridgehead || exit 1
+checkOwner /srv/docker/bridgehead bridgehead || exit 1
-checkOwner "${COMPONENT_DIR}" bridgehead || exit 1
+checkOwner /etc/bridgehead bridgehead || exit 1
 ## Check if user is a su
 log INFO "Checking if all prerequisites are met ..."
@ -34,31 +32,31 @@ fi
 log INFO "Checking configuration ..."
 ## Download submodule
-if [ ! -d "${CONFIG_DIR}" ]; then
+if [ ! -d "/etc/bridgehead/" ]; then
-  fail_and_report 1 "Please set up the config folder at ${CONFIG_DIR}. Instruction are in the readme."
+  fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
 fi
 # TODO: Check all required variables here in a generic loop
 #check if project env is present
-if [ -d "${CONFIG_DIR}${PROJECT}.conf" ]; then
+if [ -d "/etc/bridgehead/${PROJECT}.conf" ]; then
-   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under ${CONFIG_DIR}${PROJECT}.conf."
+   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf."
 fi
 # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
 log INFO "Checking ssl cert for accessing bridgehead via https"
-if [ ! -d "${CONFIG_DIR}traefik-tls" ]; then
+if [ ! -d "/etc/bridgehead/traefik-tls" ]; then
  log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls"
  mkdir -p /etc/bridgehead/traefik-tls
 fi
-if [ ! -e "${CONFIG_DIR}traefik-tls/fullchain.pem" ]; then
+if [ ! -e "/etc/bridgehead/traefik-tls/fullchain.pem" ]; then
  openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/privkey.pem -out /etc/bridgehead/traefik-tls/fullchain.pem -days 3650 -subj "/CN=$HOST"
 fi
-if [ -e "${CONFIG_DIR}"vault.conf ]; then
+if [ -e /etc/bridgehead/vault.conf ]; then
  if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
    fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
  fi
@ -66,7 +64,7 @@ fi
 log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
-source "${CONFIG_DIR}${PROJECT}".conf
+source /etc/bridgehead/${PROJECT}.conf
 source ${PROJECT}/vars
 if [ "${PROJECT}" != "minimal" ]; then
@ -94,10 +92,10 @@ if [ "${PROJECT}" != "minimal" ]; then
  fi
 fi
 checkPrivKey() {
-  if [ -e "${CONFIG_DIR}pki/${SITE_ID}.priv.pem" ]; then
+  if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
    log INFO "Success - private key found."
  else
-    log ERROR "Unable to find private key at ${CONFIG_DIR}pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
+    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
    return 1
  fi
  return 0
@ -109,11 +107,6 @@ else
  checkPrivKey || exit 1
 fi
 for dir in  "${CONFIG_DIR}" "${COMPONENT_DIR}"; do
  log INFO "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
  hc_send log "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
 done
 log INFO "Success - all prerequisites are met!"
 hc_send log "Success - all prerequisites are met!"
--- a/lib/systemd/bridgehead-update@.timer
+++ b/lib/systemd/bridgehead-update@.timer
@ -1,9 +1,8 @@
 [Unit]
-Description=Daily Updates at 6am of Bridgehead (%i)
+Description=Hourly Updates of Bridgehead (%i)
 [Timer]
-OnCalendar=*-*-* 06:00:00
+OnCalendar=*-*-* *:00:00
 Persistent=true
 [Install]
 WantedBy=basic.target
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@ -10,13 +10,13 @@ services:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/configuration/
-      - --api.dashboard=false
+      - --api.dashboard=true
      - --accesslog=true
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard/`)"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
@ -58,4 +58,3 @@ services:
      HOST: ${HOST}
      PROJECT: ${PROJECT}
      SITE_NAME: ${SITE_NAME}
      ENVIRONMENT: ${ENVIRONMENT}
--- a/minimal/modules/dnpm-compose.yml
+++ b/minimal/modules/dnpm-compose.yml
@ -2,7 +2,7 @@ version: "3.7"
 services:
  dnpm-beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-dnpm-beam-proxy
    environment:
      BROKER_URL: ${DNPM_BROKER_URL}
		`@ -1,2 +0,0 @@`
			bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCgpjb250ZXh0IFBhdGllbnQKCgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX1BSSU1BUllfRElBR05PU0lTX05PX1NPUlRfU1RSQVRJRklFUgpES1RLX1NUUkFUX0FHRV9DTEFTU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19TVFJBVF9ISVNUT0xPR1lfU1RSQVRJRklFUgpES1RLX1NUUkFUX0RFRl9JTl9JTklUSUFMX1BPUFVMQVRJT04KdHJ1ZQ==
			bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCgogIERLVEtfU1RSQVRfSElTVE9MT0dZX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDNjEnIGZyb20gaWNkMTBdKSBhbmQgCigoZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDcvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0ODAvMycpIG9yIAooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg1MDAvMycpKQ==